Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/285083?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/285083?format=api", "purl": "pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community", "type": "apk", "namespace": "alpine", "name": "go", "version": "0", "qualifiers": { "arch": "riscv64", "distroversion": "v3.24", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.9.4-r0", "latest_non_vulnerable_version": "1.26.3-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172496?format=api", "vulnerability_id": "VCID-cguy-8zgm-c7by", "summary": "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41720.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10722", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10693", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10753", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10752", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41720" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161271", "reference_id": "2161271", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161271" }, { "reference_url": "https://go.dev/cl/455716", "reference_id": "455716", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/" } ], "url": "https://go.dev/cl/455716" }, { "reference_url": "https://go.dev/issue/56694", "reference_id": "56694", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/" } ], "url": "https://go.dev/issue/56694" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-1143", "reference_id": "GO-2022-1143", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-1143" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "reference_id": "yZDrXjIiBQAJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:41:16Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/285083?format=api", "purl": "pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community" } ], "aliases": [ "CVE-2022-41720" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cguy-8zgm-c7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18305?format=api", "vulnerability_id": "VCID-nykz-vf4s-3bh9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03204", "scoring_system": "epss", "scoring_elements": "0.87294", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03204", "scoring_system": "epss", "scoring_elements": "0.87343", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03204", "scoring_system": "epss", "scoring_elements": "0.87345", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03204", "scoring_system": "epss", "scoring_elements": "0.87339", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24787" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/05/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/05/08/3" }, { "reference_url": "https://go.dev/cl/583815", "reference_id": "583815", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://go.dev/cl/583815" }, { "reference_url": "https://go.dev/issue/67119", "reference_id": "67119", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://go.dev/issue/67119" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-2825", "reference_id": "GO-2024-2825", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2024-2825" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240531-0006/", "reference_id": "ntap-20240531-0006", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240531-0006/" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0", "reference_id": "wkkO4P9stm0", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T14:49:29Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/wkkO4P9stm0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/285083?format=api", "purl": "pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community" } ], "aliases": [ "CVE-2024-24787" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nykz-vf4s-3bh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12423?format=api", "vulnerability_id": "VCID-u2wh-enjt-yfc6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02335", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02328", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02333", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41716" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41716", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41716" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://go.dev/cl/446916", "reference_id": "446916", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/" } ], "url": "https://go.dev/cl/446916" }, { "reference_url": "https://go.dev/issue/56284", "reference_id": "56284", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/" } ], "url": "https://go.dev/issue/56284" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-1095", "reference_id": "GO-2022-1095", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-1095" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", "reference_id": "hSpmRzk-AgAJ", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:02:04Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/285083?format=api", "purl": "pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community" } ], "aliases": [ "CVE-2022-41716" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2wh-enjt-yfc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172652?format=api", "vulnerability_id": "VCID-wc4t-utvr-ubbh", "summary": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41722.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41722.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64288", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64176", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64279", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64292", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41722" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203008", "reference_id": "2203008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203008" }, { "reference_url": "https://go.dev/cl/468123", "reference_id": "468123", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/" } ], "url": "https://go.dev/cl/468123" }, { "reference_url": "https://go.dev/issue/57274", "reference_id": "57274", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/" } ], "url": "https://go.dev/issue/57274" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2023-1568", "reference_id": "GO-2023-1568", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2023-1568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1325", "reference_id": "RHSA-2023:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3304", "reference_id": "RHSA-2023:3304", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3366", "reference_id": "RHSA-2023:3366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3366" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "reference_id": "V0aBFqaFs_E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:58:38Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/285083?format=api", "purl": "pkg:apk/alpine/go@0?arch=riscv64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community" } ], "aliases": [ "CVE-2022-41722" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4t-utvr-ubbh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@0%3Farch=riscv64&distroversion=v3.24&reponame=community" }